Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance

ABSTRACT

Data processing systems and methods, according to various embodiments, perform privacy assessments and monitor new versions of computer code for updated features and conditions that relate to compliance with privacy standards. The systems and methods may obtain a copy of computer code (e.g., a software application or code associated with a website) that collects and/or uses personal data, and then automatically analyze the computer code to identify one or more privacy-related attributes that may impact compliance with applicable privacy standards. The system may be adapted to monitor one or more locations (e.g., an online software application marketplace, and/or a specified website) to determine whether the application or website has changed. The system may, after analyzing the computer code, display the privacy-related attributes, collect information regarding the attributes, and automatically notify one or more designated individuals (e.g., privacy office representatives) regarding the attributes and information collected.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 15/882,989, filed Jan. 29, 2018, which is a continuation of U.S. patent application Ser. No. 15/671,073, filed Aug. 7, 2017, now U.S. Pat. No. 9,882,935, issued Jan. 30, 2018, which is a divisional of U.S. patent application Ser. No. 15/254,901, filed Sep. 1, 2016, now U.S. Pat. No. 9,729,583, issued Aug. 8, 2017, which claims priority from: (1) U.S. Provisional Patent Application No. 62/360,123, filed Jul. 8, 2016; (2) U.S. Provisional Patent Application No. 62/353,802, filed Jun. 23, 2016; and (3) U.S. Provisional Patent Application No. 62/348,695, filed Jun. 10, 2016, the disclosures of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

This disclosure relates to data processing systems and methods for performing privacy assessments and monitoring new versions of computer code for updated features and conditions that relate to compliance with privacy standards.

BACKGROUND

Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person's fingerprints or picture. Other personal data may include, for example, customers' Internet browsing habits, purchase history, or even their preferences (i.e., likes and dislikes, as provided or obtained through social media). While not all personal data may be sensitive, in the wrong hands, this kind of information may have a negative impact on the individuals or entities whose sensitive personal data is collected, including identity theft and embarrassment. Not only would this breach have the potential of exposing individuals to malicious wrongdoing, the fallout from such breaches may result in damage to reputation, potential liability, and costly remedial action for the organizations that collected the information and that were under an obligation to maintain its confidentiality and security. These breaches may result not only in financial loss, but loss of credibility, confidence, and trust from individuals, stakeholders, and the public.

Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.'s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient's medical information. The European Union's General Data Protection Regulation (GDPR) may fine companies up to 4% of their global worldwide turnover (revenue) for not complying with its regulations (companies must comply by March 2018). These operational policies and processes also strive to comply with industry best practices (e.g., the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising).

Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO's office provides guidance around privacy impact assessments. The OPC in Canada recommends personal information inventory, and the Singapore PDPA specifically mentions personal data inventory mapping. Thus, developing operational policies and processes may reassure not only regulators, but also an organization's customers, vendors, and other business partners.

For many companies handling personal data, privacy audits, whether done according to AICPA Generally Accepted Privacy Principles, or ISACA's IT Standards, Guidelines, and Tools and Techniques for Audit Assurance and Control Professionals, are not just a best practice, they are a requirement (for example, Facebook and Google will be required to perform 10 privacy audits each until 2032 to ensure that their treatment of personal data comports with the expectations of the Federal Trade Commission). When the time comes to perform a privacy audit, be it a compliance audit or adequacy audit, the lack of transparency or clarity into where personal data comes from, where it is stored, who is using it, where it has been transferred, and for what purpose is it being used, may bog down any privacy audit process. Even worse, after a breach occurs and is discovered, many organizations are unable to even identify a clear-cut organizational owner responsible for the breach recovery, or provide sufficient evidence that privacy policies and regulations were complied with.

Many of these breaches have their roots in vulnerabilities that may be found in software applications, websites, or other computer code that collect, use and process personal data. The computer code may be an in-house application or solution, or one provided by a third party. When an organization's auditors or privacy team members conduct a privacy audit or assessment, they typically direct questions to software developers in an attempt to obtain answers they need to address compliance with privacy standards. Unfortunately, the auditors and developers do not always use the same vernacular or technical language. As an example, auditors might ask a developer, “List for me all the personal data that you collect,” or “are you using any third party code?” A developer, when responding, might, for example, not understand that a user's IP address is considered personal data, especially according to some laws. A developer might also not understand that third party code includes, for example, including snippets of HTML for a hosted library from Google's hosted library, or the use of other software development kits (SDKs). With multitudes of questions during the audit process, the disconnect or language barrier may lead to vulnerabilities. Thus, auditors may ask a multitude of questions, but the disconnect from the language barrier might not lead to the identification or resolution of many privacy-related issues because the auditors are not obtaining the right answers to those questions.

In light of the above, there is currently a need for improved systems and methods for assessing mobile applications, websites, and other computer code for features and conditions that may have an impact on a company's compliance with privacy standards.

SUMMARY

A computer-implemented data processing method, according to various embodiments, for use in automatically monitoring computer code for changes within the context of privacy management comprises: (1) receiving, by one or more computer processors, one or more computer storage locations where a new version of particular computer code may be stored; (2) monitoring, by one or more computer processors, the one or more computer storage locations to determine whether any new versions of the particular computer code have been stored in the one or more computer storage locations by executing the data processing steps of: (A) receiving an indication that new computer code has been stored in the one or more computer storage locations; and (B) comparing the contents of the new computer code with one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment; and (3) in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment, communicating, by one or more computer processors, an alert to a user indicating that a new version of the particular computer code exists; and (4) in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment: (A) automatically electronically analyzing, by one or more computer processors, the new computer code to determine one or more privacy-related attributes of the new computer code, each of the privacy-related attributes indicating one or more types of personal information the new computer code collects or accesses; (B) electronically displaying to an individual, by one or more computer processors, a list of the one or more privacy-related attributes of the new computer code; (C) electronically displaying, by one or more computer processors, one or more prompts to the individual, wherein each prompt informs the user to input information regarding one or more particular attributes of the one or more privacy-related attributes; and (D) communicating, by one or more computer processors, the information regarding the particular privacy-related attributes to one or more second individuals for use in conducting a privacy assessment of the new computer code.

A computer system, according to various embodiments, for use in automatically monitoring computer code for changes within the context of privacy management comprises at least one processor and memory operatively coupled to the at least one processor, and the computer system is configured for: (1) receiving one or more computer storage locations where a new version of particular computer code may be stored; (2) monitoring the one or more computer storage locations to determine whether any new versions of the particular computer code have been stored in the one or more computer storage locations by executing the data processing steps of: (A) receiving an indication that new computer code having an identifier associated with the particular computer code has been stored in the one or more computer storage locations; and (B) comparing the contents of the new computer code with one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment; (3) in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment, communicating an alert to a user indicating that a new version of the particular computer code exists; and (4) in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the computer code that have been assessed as a part of a previous privacy assessment: (A) automatically electronically analyzing the new computer code to determine whether the new computer code has any one of a specified plurality of privacy-related attributes; and (B) in response to determining that the new computer code has a particular one of the specified plurality of privacy-related attributes: (1) executing the steps of: (a) electronically displaying one or more prompts to a user requesting that the user input information regarding the particular privacy-related attribute; (b) receiving input information from the user regarding the particular privacy-related attribute; and (c) communicating the input information to a second user for use in a privacy assessment of the new computer code; (2) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the attribute should be reviewed by one or more designated individuals; and (3) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the new computer code should be modified to not include the particular privacy-related attribute.

A computer-implemented data processing method for use in automatically monitoring computer code for changes within the context of privacy management, the method comprising: (1) receiving, by one or more computer processors, one or more computer storage locations where a new version of particular computer code may be stored; (2) monitoring, by one or more computer processors, the one or more computer storage locations to determine whether any new versions of the particular computer code have been stored in the one or more computer storage locations; (3) in response to determining that one or more new versions of the particular computer code have been stored in the one or more computer storage locations: (A) automatically electronically, by one or more computer processors, analyzing the new computer code to determine one or more privacy-related attributes of the new computer code, each of the one or more privacy-related attributes indicating one or more types of personal information the new computer code collects or accesses; (B) electronically displaying to an individual, by one or more computer processors, a list of the one or more privacy-related attributes of the new computer code; (C) electronically displaying, by one or more computer processors, one or more prompts to the individual wherein each prompt informs the individual to input information regarding the one or more attributes; and (D) communicating, by one or more computer processors, the information regarding the one or more privacy-related attributes to one or more second individuals for use in conducting a privacy assessment of the new computer code.

A computer-implemented data processing method for use in automatically monitoring computer code for changes within the context of privacy management, the method comprising: (1) receiving, by one or more computer processors, one or more computer storage locations where a new version of particular computer code may be stored; (2) monitoring, by one or more computer processors, the one or more computer storage locations to determine whether any new versions of the computer code have been stored in the one or more computer storage locations by executing the data processing steps of: (A) receiving, by one or more computer processors, an indication that new computer code having an identifier associated with the computer code has been stored in the one or more computer storage locations; and (B) comparing, by one or more computer processors, the contents of the new computer code with one or more versions of the computer code that have been assessed as a part of a previous privacy assessment; (3) in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the computer code that have been assessed as a part of a previous privacy assessment, automatically electronically analyzing, by one or more computer processors, the new computer code to determine whether the new computer code has a particular one of a specified plurality of privacy-related attributes; and (4) in response to determining that the new computer code has a particular one of the plurality of privacy-related attributes: (A) executing, by one or more computer processors, the steps of: (i) electronically displaying one or more prompts to a user requesting that the user input information regarding the particular privacy-related attribute; (ii) receiving input information from the user regarding the particular privacy-related attribute; and (iii) communicating the input information to a second user for use in a privacy assessment of the new computer code; (B) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the attribute should be reviewed by one or more designated individuals; and (C) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the new computer code should be modified to not include the attribute.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of a system and method for operationalizing privacy compliance and assessing risk of privacy campaigns are described below. In the course of this description, reference will be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

FIG. 1 is a diagram illustrating an exemplary network environment in which various embodiments of the present system and methods for operationalizing privacy compliance may operate.

FIG. 2 is a schematic diagram of a computer (such as the server 120, or user device 140, 150, 160, 170, 180, 190) that is suitable for use in various embodiments.

FIG. 3 is a diagram illustrating an example of the different types of individuals that may be involved in privacy compliance.

FIG. 4 is a flow chart showing an example of a process performed by the system's Assessment Module.

FIG. 5 is a flow chart showing an example of a process performed by the system's Monitoring Module.

FIG. 6A is an example of a graphical user interface that shows the identification of the location of computer code.

FIG. 6B is an example of a graphical user interface that shows the identification of the location of computer code the results of an assessment.

FIG. 7 is an example of a graphical user interface that shows the results of the ongoing monitoring of computer code.

DETAILED DESCRIPTION

Various embodiments now will be described more fully hereinafter with reference to the accompanying drawings. It should be understood that the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.

Overview

Various systems and methods for operationalizing privacy compliance are described below. In particular, various systems are described below that automatically determine whether particular computer code (e.g., source code or compiled code) complies with one or more privacy policies. Such systems may operate with or without obtaining information from various users regarding the code.

In particular embodiments, the system is adapted to allow a user to provide the location of computer code (e.g., source code or compiled code) to be analyzed. This location may be, for example, a location (e.g., in local memory or on a third-party server, such as a server associated with an app store, such as Apple's App Store, or the Microsoft Store) of a particular software application or file. If the software code to be analyzed is that of a website, the location may be, for example, the website's URL.

After the system receives the location of the code, the system may obtain the code by, for example, uploading the code from the specified location, or by scraping the relevant code from a specified website. The system then automatically analyzes the code to determine, for example, whether the code includes any functionality that would be relevant to one or more privacy policies. For example, the system may automatically determine whether the code, when executed, collects personal data in a way that is contrary to one or more applicable laws, and/or contrary to one or more other privacy policies that apply to the code.

As a particular example, the system may analyze the computer code to determine whether the code, when executed, gathers any personal information (such as sensitive personal information) regarding the user in a manner that is contrary to: (1) any applicable law; (2) a privacy policy of a privacy campaign that the software code is being implemented in conjunction with (See U.S. Provisional Patent Application 62/348,695, which, as noted above, is incorporated herein by reference in its entirety, for a more detailed discussion of privacy campaigns); (3) a general privacy policy of an organization implementing the computer code; and/or (4) any contractual provisions (e.g., software terms and conditions) that apply to the code.

In a particular embodiment, the system may use suitable third-party software to determine whether the code, when executed, gathers any personal information. In other embodiments, the system may do so without using third party software.

In various embodiments, upon determining that particular code gathers personal information, the system may send a request to a first user for information as to why the code includes the functionality at issue and whether the functionality could potentially be omitted. For example, if the system determines that the code, when executed, tracks the user's location (e.g., the user's longitude and latitude, the zip code that they're located in, etc.) or web browsing habits, the system may present one or more prompts to a user to input: (1) why the system is tracking the user's location; (2) whether the location-tracking functionality could be omitted from the code, or modified to reduce the resolution of the location-tracking functionality (e.g., reduced from tracking the user's precise longitude and latitude to more generally tracking the zip code or other territorial boundary that they are located in) without having a negative impact on the business purpose of the code; (3) why the system is tracking the user's browsing habits; and/or (4) whether the browser-tracking functionality could be omitted from the code without having a negative impact on the business purpose of the code. The system may present such questions to any suitable user such as, for example: (a) a software developer that is associated with developing the code; (b) an “owner” of a software campaign associated with the code; (c) a privacy officer; and/or (d) an auditor.

The system may then transmit an alert to one or more specified individuals (e.g., indicating that the code includes functionality that may be in violation of one or more applicable privacy policies) along with the answers to the questions referenced above. The specified individuals may then use the answers to determine whether to coordinate modifying the code to comply with the applicable privacy policies (e.g., privacy laws or internal privacy policies).

In particular embodiments, the system may include a Monitoring Module for monitoring a particular piece of software to determine whether the software has changed. If the software changes, the system may, for example: (1) send an alert to an appropriate individual (e.g., a privacy officer) indicating that the software has changed (e.g., a new version of the software has been released); and/or (2) analyze the new version of the code (e.g., as described above) to determine whether the new version of the code violates any applicable privacy policies. The appropriate individual may then take any necessary action to assure compliance with the applicable privacy policies (e.g., coordinate revision of the code and/or a downgrade to the immediate previous version of the code). Various embodiments are described in greater detail below.

In particular embodiments, the system may also, or alternatively, be adapted to scan predetermined software code to automatically determine whether the code, when executed, collects or otherwise uses personal information (e.g., sensitive personal information) and, if so, what types of personal information are being collected. In various embodiments, in response to determining that the code collects certain predetermined types of personal information, the system may associate a particular risk level with the code (and/or a privacy campaign associated with the code) and/or flag the code (and/or a privacy campaign associated with the code) to indicate that, before the code is placed into use (e.g., publicly launched and/or a non-testing version of the software is launched), the code needs to: (1) be modified to not collect one or more types of personal information; and/or (2) be reviewed and approved by an appropriate individual or group (e.g., the individual or group must approve the code including the attribute). Such risk levels and flags may be communicated to users within the context of a risk assessment system, such as one or more of the systems described in U.S. Provisional Patent Application Ser. No. 62/348,695, entitled “Data Processing Systems and Methods for Operationalizing Privacy Compliance and Assessing the Risk of Various Respective Privacy Campaigns and Related Systems and Methods”, which was filed on Jun. 10, 2016, and which, as noted above, is incorporated herein by reference in its entirety.
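
As an added illustration (not part of the disclosure and not code from the described system), the following Python example walks one website version through the flow described in this Overview: compare it against previously assessed versions, analyze it for privacy-related attributes if it differs, generate prompts, and set a pre-launch flag. The SHA-256 comparison, the rule set, the prompt wording for third-party code, the flag name, and the sample pages and hosts are all assumptions constructed for the example.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical rule set: browser APIs in inline script, mapped to the kind of
# personal data they can expose. A real assessment would use a larger list.
SCRIPT_RULES = {
    "precise_location": re.compile(
        r"navigator\.geolocation\.(?:getCurrentPosition|watchPosition)"),
    "browsing_habits": re.compile(r"document\.(?:referrer|cookie)"),
}

# Prompts modelled on the questions listed in the Overview; the third-party
# prompt is constructed for this example.
PROMPTS = {
    "precise_location": [
        "Why is the code tracking the user's location?",
        "Could location tracking be omitted or reduced to zip-code resolution?",
    ],
    "browsing_habits": [
        "Why is the code tracking the user's browsing habits?",
        "Could browser tracking be omitted without harming the business purpose?",
    ],
    "third_party_code": [
        "What personal data does each third-party script receive?",
    ],
}


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def digest(code: str) -> str:
    """Content fingerprint used to compare a version with assessed versions."""
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def analyze(code: str, first_party_host: str) -> dict:
    """Return {attribute: evidence} for the privacy-related attributes found."""
    collector = _ScriptCollector()
    collector.feed(code)
    collector.close()
    findings = {}
    for src in collector.external:
        host = urlparse(src).hostname  # None for relative (first-party) URLs
        if host and host != first_party_host:
            findings.setdefault("third_party_code", []).append(host)
    script_text = "\n".join(collector.inline)
    for name, pattern in SCRIPT_RULES.items():
        match = pattern.search(script_text)
        if match:
            findings[name] = [match.group(0)]
    return findings


def monitor(new_code: str, assessed_digests: set, first_party_host: str) -> dict:
    """Compare against assessed versions; analyze and flag only on change."""
    d = digest(new_code)
    if d in assessed_digests:
        return {"changed": False, "digest": d, "attributes": {},
                "prompts": [], "flag": None}
    attributes = analyze(new_code, first_party_host)
    prompts = [q for name in sorted(attributes) for q in PROMPTS[name]]
    flag = "review_before_launch" if attributes else None
    return {"changed": True, "digest": d, "attributes": attributes,
            "prompts": prompts, "flag": flag}


# Constructed sample pages: V1 was already assessed; V2 adds an SDK and geolocation.
V1 = """<html><body>
<script src="/static/app.js"></script>
<script>console.log("hello");</script>
</body></html>"""
V2 = """<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/sdk/analytics.js"></script>
<script>navigator.geolocation.getCurrentPosition(function (p) { send(p.coords); });</script>
</body></html>"""

if __name__ == "__main__":
    result = monitor(V2, {digest(V1)}, "www.example.com")
    print(result["flag"], sorted(result["attributes"]))
    for question in result["prompts"]:
        print(" -", question)
```

Pattern matching over page source only finds what is statically visible; behavior inside the external SDK itself is reported as third-party code for a reviewer to follow up, not analyzed.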

Exemplary Technical Platforms

As will be appreciated by one skilled in the relevant field, a system for performing privacy assessments and monitoring new versions of computer code for updated features and conditions that relate to compliance with privacy standards may be embodied as a computer system, a method, or a computer program product. Accordingly, various embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, particular embodiments may take the form of a computer program product stored on a computer-readable storage medium having computer-readable instructions (e.g., software) embodied in the storage medium. Various embodiments may take the form of, for example, web, mobile, or wearable computer-implemented computer software. Any suitable computer-readable storage medium may be utilized including, for example, hard disks, compact disks, DVDs, optical storage devices, and/or magnetic storage devices.

Various embodiments are described below with reference to block diagrams and flowchart illustrations of methods, apparatuses (e.g., systems) and computer program products. It should be understood that each step of the block diagrams and flowchart illustrations, and combinations of steps in the block diagrams and flowchart illustrations, respectively, may be implemented by a computer executing computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus to create means for implementing the functions specified in the flowchart step or steps.

These computer program instructions may also be stored in a computer-readable memory that may direct a computer or other programmable data processing apparatus to function in a particular manner such that the instructions stored in the computer-readable memory produce an article of manufacture that is configured for implementing the function specified in the flowchart step or steps. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart step or steps.

Accordingly, steps of the block diagrams and flowchart illustrations support combinations of mechanisms for performing the specified functions, combinations of steps for performing the specified functions, and program instructions for performing the specified functions. It should also be understood that each step of the block diagrams and flowchart illustrations, and combinations of steps in the block diagrams and flowchart illustrations, may be implemented by special purpose hardware-based computer systems that perform the specified functions or steps, or combinations of special purpose hardware and other hardware executing appropriate computer instructions.

Example System Architecture

FIG. 1 is a block diagram of a System 100 according to a particular embodiment. As may be understood from this figure, the System 100 includes one or more computer networks 110, a Server 120, a Storage Device 130 (which may contain one or more databases of information), one or more remote client computing devices such as a tablet computer 140, a desktop or laptop computer 150, or a handheld computing device 160, such as a cellular phone, browser and Internet capable set-top boxes 170 connected with a TV 180, or a smart TV 180 having browser and Internet capability. The client computing devices attached to the network may also include copiers/printers 190 having hard drives. The Server 120, client computing devices, and Storage Device 130 may be physically located in a central location, such as the headquarters of the organization, for example, or in separate facilities. The devices may be owned or maintained by employees, contractors, or other third parties (e.g., a cloud service provider). In particular embodiments, the one or more computer networks 115 facilitate communication between the Server 120, one or more client computing devices 140, 150, 160, 170, 180, 190, and Storage Device 130.

The one or more computer networks 115 may include any of a variety of types of wired or wireless computer networks such as the Internet, a private intranet, a public switched telephone network (PSTN), or any other type of network. The communication link between the Server 120, one or more client computing devices 140, 150, 160, 170, 180, 190, and Storage Device 130 may be, for example, implemented via a Local Area Network (LAN) or via the Internet.

Example Computer Architecture Used within the System

FIG. 2 illustrates a diagrammatic representation of the architecture of a computer 200 that may be used within the System 100, for example, as a client computer (e.g., one of computing devices 140, 150, 160, 170, 180, 190, shown in FIG. 1), or as a server computer (e.g., Server 120 shown in FIG. 1). In exemplary embodiments, the computer 200 may be suitable for use as a computer within the context of the System 100 that is configured to operationalize privacy compliance and assess the risk of privacy campaigns. In particular embodiments, the computer 200 may be connected (e.g., networked) to other computers in a LAN, an intranet, an extranet, and/or the Internet. As noted above, the computer 200 may operate in the capacity of a server or a client computer in a client-server network environment, or as a peer computer in a peer-to-peer (or distributed) network environment. The computer 200 may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, a switch or bridge, or any other computer capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that computer. Further, while only a single computer is illustrated, the term “computer” shall also be taken to include any collection of computers that individually or jointly execute a set (or multiple sets) of instructions to perform, for example, any one or more of the methodologies discussed herein.

An exemplary computer 200 includes a processing device 202, a main memory 204 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or Rambus DRAM (RDRAM)), a static memory 206 (e.g., flash memory or static random access memory (SRAM)), and a data storage device 218, which communicate with each other via a bus 232.

The processing device 202 represents one or more general-purpose processing devices such as a microprocessor, a central processing unit, or the like. More particularly, the processing device 202 may be a complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 202 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. The processing device 202 may be configured to execute processing logic 226 for performing various operations and steps discussed herein.

The computer 200 may further include a network interface device 208. The computer 200 also may include a video display unit 210 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 212 (e.g., a keyboard), a cursor control device 214 (e.g., a mouse), and a signal generation device 216 (e.g., a speaker). The data storage device 218 may include a non-transitory computer-readable storage medium 230 (also known as a non-transitory computer-readable storage medium or a non-transitory computer-readable medium) on which is stored one or more sets of instructions 222 (e.g., software, software modules) embodying any one or more of the methodologies or functions described herein. The software 222 may also reside, completely or at least partially, within main memory 204 and/or within processing device 202 during execution thereof by computer 200—main memory 204 and processing device 202 also constituting computer-accessible storage media. The software 222 may further be transmitted or received over a network 220 via a network interface device 208.

While the computer-readable storage medium 230 is shown in an exemplary embodiment to be a single medium, the terms “computer-readable storage medium” and “machine-accessible storage medium” should be understood to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “computer-readable storage medium” should also be understood to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by the computer and that cause the computer to perform, for example, any one or more of the methodologies of the present invention. The term “computer-readable storage medium” should accordingly be understood to include, but not be limited to, solid-state memories, optical and magnetic media, etc.

Exemplary System Platform

According to various embodiments, the processes and logic flows described in this specification may be performed by a system (e.g., System 100) that includes, but is not limited to, one or more programmable processors (e.g., processor 202) executing one or more computer program modules to perform functions by operating on input data and generating output, thereby tying the process to a particular machine (e.g., a machine programmed to perform the processes described herein). This includes processors located in one or more of client computers (e.g., client computers 140, 150, 160, 170, 180, 190 of FIG. 1). These devices connected to network 110 may access and execute one or more Internet browser-based program modules that are “served up” through the network 110 by one or more servers (e.g., server 120 of FIG. 1), and the data associated with the program may be stored on one or more storage devices, which may reside within a server or computing device (e.g., Main Memory 204, Static Memory 206), be attached as a peripheral storage device to the one or more servers or computing devices, or attached to the network (e.g., Storage 130).

The System 100 may facilitate the acquisition, storage, maintenance, use, and retention of campaign data associated with a plurality of privacy campaigns within an organization. In doing so, various aspects of the System 100 initiate and create a plurality of individual data privacy campaign records that are associated with a variety of privacy-related attributes and assessment-related metadata for each campaign. These data elements may include, for example: the subjects of the sensitive information, the respective person or entity responsible for each campaign (e.g., the campaign's “owner”), the location where the personal data will be stored, the entity or entities that will access the data, the parameters according to which the personal data will be used and retained, the Risk Level associated with a particular campaign (as well as assessments from which the Risk Level is calculated), an audit schedule, and other attributes and metadata.

The System 100 may also be adapted to facilitate the setup and auditing of each privacy campaign. Suitable modules for performing this functionality may include, for example, an Assessment Module and a Monitoring Module (examples of which are described below). It is to be understood that these are examples of modules of various embodiments, but the functionalities performed by each module as described may be performed by more (or fewer) modules. Further, the functionalities described as being performed by one module may be performed by one or more other modules.

A. Example Elements Related to Privacy

FIG. 3 provides a high-level visual overview of example “subjects” for particular data privacy assessments, exemplary “owners,” various elements related to the storage and access of personal data, and elements related to the use and retention of the personal data. Each of these elements may, in various embodiments, be accounted for by the System 100 as it facilitates the implementation of an organization's privacy compliance policy.

As may be understood from FIG. 3, sensitive information may be collected by an organization from one or more subjects 300. Subjects may include customers whose information has been obtained by the organization. For example, if the organization is selling goods to a customer, the organization may have been provided with a customer's credit card or banking information (e.g., account number, bank routing number), social security number, or other sensitive information.

An organization may also possess personal data originating from one or more of its business partners. Examples of business partners are vendors that may be data controllers or data processors. Vendors may supply a component or raw material to the organization, which may include software applications or database programs, or a website. Vendors may also be outside contractors responsible, for example, for the marketing or legal work of the organization. The personal data acquired from the partner may be that of the partners, or even that of other entities collected by the partners. For example, a marketing agency may collect personal data on behalf of the organization, and transfer that information to the organization. Moreover, the organization may share personal data with one of its partners. For example, the organization may provide a marketing agency with the personal data of its customers so that it may conduct further research.

Other subjects 300 include the organization's own employees. Organizations with employees often collect personal data from their employees, including address and social security information, usually for payroll purposes, or even prior to employment, for conducting credit checks. The subjects 300 may also include minors. It is noted that various corporate privacy policies or privacy laws may require that organizations take additional steps to protect the sensitive privacy of minors.

Still referring to FIG. 3, within an organization, one or more particular individuals (or a particular group of individuals) may be designated to be an “owner” who is in charge of particular “privacy campaigns.” A privacy campaign may be, for example, an organized effort to manage personal data obtained from a particular initiative, such as a particular business initiative, that may utilize personal data collected from one or more persons or entities. The owners 310 may have any suitable role within the organization. In various embodiments, an owner of a particular campaign will have primary responsibility for the campaign, and will serve as a resident expert regarding the personal data obtained through the campaign, and the way that the data is obtained, stored, and/or accessed. As shown in FIG. 3, an owner may be a member of any suitable department, including the organization's marketing, Human Resources, Research and Development, or Information Technology department. As will be described below, an organization may employ personnel from a privacy team, who typically operate under the chief privacy officer, or auditors, to carry out privacy assessments or audits.

Referring still to FIG. 3, this figure shows that the use and retention 315 of personal data may include how the data is analyzed and used within the organization's operations, whether the data is backed up, and which parties within the organization are supporting the campaign.

The system may also be configured to help manage the storage and access 320 of personal data. As shown in FIG. 3, a variety of different parties may access the data, and the data may be stored in any of a variety of different locations, including on-site, or in “the cloud”, i.e., on remote servers that are accessed via the Internet or other suitable network.

B. Assessment Module

As noted above, the system may include an Assessment Module for automatically performing privacy assessments of computer code. FIG. 4 illustrates an exemplary process 400, executed by an Assessment Module, for automatically performing privacy assessments of computer code. The process may be executed by one or more computing devices of the System 100. In exemplary embodiments, a server (e.g., server 140) in conjunction with a client computing device having a browser (e.g., computing devices 140, 150, 160, 170, 180, 190) execute the Assessment Module by communicating, as needed, via a network (network 110). In various exemplary embodiments, the Assessment Module may call upon other modules to perform certain functions. In exemplary embodiments, the software may be organized as a single module to perform various computer executable routines.

As mentioned above, disconnects and differences in vernacular might lead to wrong answers to questions during a privacy audit or assessment. To address this issue, in various embodiments, instead of determining whether an organization complies with the defined parameters of a privacy campaign by, for example, conducting an audit as described above (e.g., by asking users to answer questions regarding the privacy campaign, such as: (1) “What personal data is being collected”; or (2) “What cookies are being used on the website”), the system (e.g., by executing the Assessment Module) may be configured to automatically determine whether the organization is complying with one or more aspects of the privacy policy. For example, during the audit process, the system may: (1) obtain a copy of computer code (e.g., a software application or an “app”) that is collecting and/or using sensitive user information, and then (2) automatically analyze the app to determine whether the operation of the app or website is complying with the terms of the privacy campaign (the privacy assessment standards at issue) that govern the use of the app, website, or other code.

The process of FIG. 4 begins at step 405. The system then advances to step 410, where it displays, on a graphical user interface (e.g., a webpage or dialog box), an instruction (e.g., one or more prompts) for a user to provide the location of computer code, which may be, for example, the code for a software application (e.g., a mobile application) or website, or any other computer code. The user may then, for example, browse to the location of a file that includes the computer code for uploading. If the code involved is that for a website, the system may prompt the user to provide the URL of the website.

At step 415, the Assessment Module may then use the location provided by the user to obtain the computer code (for example, by uploading the file, or obtaining the code directly from a website (e.g., by “scraping” the code from the website)).

Next, at step 420, the Assessment Module automatically electronically analyzes the computer code to determine a plurality of privacy-related attributes of the computer code. The privacy-related attributes (features and/or conditions) of the computer code may relate, for example, to the types of personal information the computer code collects and/or accesses. For example, a particular app may have one or more of the following privacy-related attributes: (1) uses location-based services to detect the location of the user's computing device (e.g., services that may determine the precise longitude and latitude of the user's computing device and/or which of a plurality of predetermined geographical areas the computing device is located in—e.g., the particular U.S. State or Zip Code that the user's computing device is located in); (2) places network calls to another country (e.g., a particular designated country, such as China); (3) uses encryption to protect personal data; (4) issues calls to third party software; (5) accesses communications logs (e.g., call logs, email); (6) uses cookies to track user behavior; and/or (7) collects personal data (e.g., a user's social security number, date of birth, credit card number, physical address, mailing address, email address, IP address, Internet browsing habits, purchase history, biometric data (e.g., finger prints, retinal scans, or other biometric data), and/or personal preferences). The system may use, for example, static analysis, behavior analysis, or some combination of the two, to make the analysis and determination.

The Assessment Module may integrate with a third party system or software (e.g., Veracode), which executes the analysis. As an example, for a software application, after the app is uploaded to the system, the system detects what privacy permissions and data the app is collecting from users.

In response to determining that the app is collecting one or more specified types of personal data, which may be sensitive information (e.g., the location of the user's mobile device), the Assessment Module may automatically request follow up information from the user by posing one or more questions to the user. In the exemplary method of FIG. 4, at step 425, the system may electronically display to the user a list of the privacy-related attributes related to the computer code, wherein each displayed attribute relates to a privacy assessment standard (e.g., privacy policy, privacy law). For example, code related to the collection of personal data such as a person's IP address, may be governed by particular privacy laws.

At step 430, the system may electronically display one or more prompts to the user, wherein each prompt informs the user to input information regarding the attributes. Questions posed by the prompts may include, for example: (1) “For what business reason is the data being collected?”; (2) “How is the app user's consent given to obtain the data?”; (3) “Would app users be surprised that the data is being collected?”; (4) “Is the data encrypted at rest and/or in motion?”; (5) “What would happen if the system did not collect this data?”; and/or (6) “What business impact would it have to not collect this data?” In various embodiments, the system is adapted to allow users to customize these follow-up questions, but the system asks the questions (e.g., the same questions, or a customized list of questions) for each privacy issue that is found for the computer code at issue. The system may also collect other relevant comments regarding the computer code.

At step 435, the information regarding the attributes that were input by the user may be communicated to one or more second users (e.g., one or more software developers, privacy officers, “owners” of the code, or auditors) for an assessment. The information may, for example, help a privacy officer work with a software developer to modify the code to comply with one or more privacy policies, or to draft or modify a privacy policy to be used on a website that implements the code. At step 440, the process 400 may end.

As noted above, in particular embodiments, the system may also, or alternatively, be adapted to scan predetermined software code to automatically determine whether the code, when executed, collects or otherwise uses personal information (e.g., sensitive personal information) and, if so, what types of personal information are being collected. In various embodiments, in response to determining that the code collects certain predetermined types of personal information, the system may associate a particular risk level with the code and/or flag the code to indicate that, before the code is placed into use (e.g., before the code is publicly launched and/or before a non-testing version of the code is launched), the code needs to: (1) be modified to not collect one or more types of personal information; and/or (2) be reviewed and approved by an appropriate individual or group (e.g., the individual or group must approve the code including the attribute). Such risk levels and flags may be communicated to users within the context of a risk assessment system, such as one or more of the systems described in U.S. Provisional Patent Application Ser. No. 62/348,695, entitled “Data Processing Systems and Methods for Operationalizing Privacy Compliance and Assessing the Risk of Various Respective Privacy Campaigns and Related Systems and Methods”, which was filed on Jun. 10, 2016, and which, as noted above, is incorporated herein by reference in its entirety.
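As an added illustration of steps 420 through 435 and the pre-launch flag described above (example code, not part of the patent or any product implementing it), the sketch below statically reads an Android manifest, maps declared permissions to the privacy-related attributes named in the text, and attaches the follow-up prompts to each finding. The permission-to-attribute mapping, the `REVIEW_REQUIRED` policy, the function names, and the sample manifest are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by Android manifests.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the attribute names used in the text.
PERMISSION_TO_ATTRIBUTE = {
    "android.permission.ACCESS_FINE_LOCATION": "uses location-based services",
    "android.permission.ACCESS_COARSE_LOCATION": "uses location-based services",
    "android.permission.READ_CALL_LOG": "accesses communications logs",
    "android.permission.READ_SMS": "accesses communications logs",
    "android.permission.READ_CONTACTS": "collects personal data",
}

# Assumed organizational policy: these attributes need approval before launch.
REVIEW_REQUIRED = {"uses location-based services", "accesses communications logs"}

# Follow-up questions quoted from step 430.
FOLLOW_UP_QUESTIONS = [
    "For what business reason is the data being collected?",
    "How is the app user's consent given to obtain the data?",
    "Would app users be surprised that the data is being collected?",
    "Is the data encrypted at rest and/or in motion?",
    "What would happen if the system did not collect this data?",
    "What business impact would it have to not collect this data?",
]

# Constructed sample input, not taken from a real application.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application android:usesCleartextTraffic="true"/>
</manifest>
"""


def extract_attributes(manifest_xml):
    """Step 420: return {attribute: [evidence, ...]} found by static analysis."""
    # Uploaded files are untrusted; a hardened parser such as defusedxml is the
    # safer choice in production. The standard library keeps this self-contained.
    root = ET.fromstring(manifest_xml)
    found = {}
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID + "name", "")
        attribute = PERMISSION_TO_ATTRIBUTE.get(name)
        if attribute:
            found.setdefault(attribute, []).append(name)
    app = root.find("application")
    if app is not None and app.get(ANDROID + "usesCleartextTraffic") == "true":
        found.setdefault("transmits data without encryption", []).append(
            'usesCleartextTraffic="true"'
        )
    return found


def build_assessment(found, review_required=REVIEW_REQUIRED):
    """Steps 425-435: one record per attribute, with prompts and a review flag."""
    report = []
    for attribute in sorted(found):
        report.append({
            "attribute": attribute,
            "evidence": found[attribute],
            "needs_review_before_launch": attribute in review_required,
            "prompts": list(FOLLOW_UP_QUESTIONS),
        })
    return report


if __name__ == "__main__":
    for item in build_assessment(extract_attributes(SAMPLE_MANIFEST)):
        flag = "REVIEW" if item["needs_review_before_launch"] else "info"
        print(f"[{flag}] {item['attribute']}: {', '.join(item['evidence'])}")
```

A declared permission shows only that the code can reach the data, so a finding here is a prompt for the follow-up questions rather than proof of collection.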

C. Monitoring Module

In various embodiments, after particular computer code is scanned a first time, if the code is subsequently scanned, the system may only scan the code to determine whether any changes have been made to the code since the immediate previous scan of the code. If so, the system may, for example, automatically scan the application, as discussed above, to determine whether the code has changed to add any additional privacy-related attributes. The system may then, for example, automatically notify one or more designated individuals (e.g., privacy office representatives) to indicate that a new version of the app was detected and also inform the one or more designated individuals as to whether the new version of the code added any additional privacy-related attributes since the immediate previous version of the code. In particular embodiments, the notification may also indicate whether the new version of the app was released without a privacy assessment having been performed on the new version.

In particular embodiments, when configuring the desired operation of the Monitoring Module, a user may specify that, if the system identifies a new version of a particular piece of code and determines that the new version of the code has added one or more additional privacy-related attributes, the system will automatically prompt a user (e.g., as discussed above) for information regarding the newly-added privacy-related attributes. The system may then use this information as discussed above (e.g., it may send the information to a privacy officer or other individual who is responsible for the privacy aspects of the computer code).

Various steps executed by the Monitoring Module are shown in the flowchart of FIG. 5. Turning to this figure, the process 500 begins at step 505. Next, at step 510, the system may receive an electronic input from the user indicating that they wish to have the system monitor particular computer code for changes.

At step 515, the system prompts for and receives from the user an electronic input identifying the location of the new versions of computer code. In various embodiments, the system is adapted to (optionally) automatically monitor (e.g., continuously monitor) locations that may be one or more online software application marketplaces (such as the Microsoft Store, the Google Play Store, or Apple's App Store) to determine whether the application has changed (e.g., a new version of the application is available).

In various embodiments in which the computer code comprises a website, the location may be a website's URL, and the Monitoring Module may prompt the user to enter the URL of the website to be analyzed. For example, the Monitoring Module may prompt the user to “Provide the URL of the Website to be Monitored.”

While the system may analyze every directory or level in the website, the system may, optionally, separately monitor for changes in the content of a web page that includes the privacy policy that applies to the website.

Often, an organization's privacy team (privacy office) and/or legal department may provide web developers with the terms of the privacy policy. However, it is not uncommon for an organization's marketing team or outside creative agency to take it upon themselves to make changes by rewording the policy, or repositioning content on a particular web page. Because the location, placement, wording, and/or content of privacy policies may be governed by law, there is reason to monitor changes to both the content of such privacy policies and their placement on related web pages. Monitoring the privacy page of a website may be beneficial, for example, in Mexico, which requires the content of the policy to contain the word “privacy” and for that word to be displayed in the bottom right hand portion of the policy page.

At step 520, the Monitoring Module monitors the identified location for any new instances (i.e., potential new versions) of the computer code. If the system detects a new instance of the computer code located in the identified location, it compares the obtained instance of computer code to a previous assessed version of the computer code (e.g., the most recent version of the computer code that was previously assessed by the system). During this scanning, the Monitoring Module may also determine any privacy-related attributes of the computer code. In the case of a website, the Monitoring Module may, for example, continuously monitor the specified website for cookies, and/or for whether other tracking mechanisms, such as fingerprinting technologies and/or 3rd party SDKs, are used.

At step 525, the Monitoring Module uses the analyzed information to compare the code that was obtained with a previously assessed version of the computer code. At 530, the Monitoring Module determines whether the currently-obtained instance of computer code is different than the previously assessed version of the computer code (which would be indicative of a new version of the software). In various embodiments related to monitoring of a privacy policy link, the Monitoring Module may also auto-detect whether any changes have been made to the privacy policy or the location of the privacy policy link on the page.

If no differences are detected, then the process 500 may proceed back to step 520 wherein the Monitoring Module monitors for new instances of computer code again. If there is a difference between the obtained instance and the immediate previously assessed version of the computer code, then at 535, the system may notify a user that a change in versions of the software code has been detected, and prompt the user to obtain information regarding the new version of computer code (e.g., the reason for the new code, whether the new code is necessary, etc.).

Alternatively, at step 535, the Monitoring Module may automatically analyze the computer code and electronically present the user with a list of differences between the obtained instance of computer code and the previous assessed version of the computer code. For example, the Monitoring Module may prompt the user for information regarding the privacy-related attributes that have changed or been added. In various embodiments, the Monitoring Module may ask the user to complete a series of one or more follow-up questions for each of these changed or added privacy-related attributes found during the scan of the app, or website. For example, the system may ask the reason the new privacy-related attribute is in the code, whether the code may be changed back to eliminate the attribute, etc.

At 540, any information obtained from step 535 may be communicated to one or more second users (e.g., one or more software developers, privacy officers, or auditors) for use in further privacy-related decision-making as described above. In various embodiments, the system is configured to, for example, generate an alert to an appropriate individual (e.g., a designated privacy officer) to inform them of the change(s) to the computer code and provide them with the obtained information regarding the changes as described above.

At 545, appropriate changes to the code may be made to comply with privacy standards if the campaign owners decide that the computer code is noncompliant. The privacy officer may use this information, for example, to determine whether to modify the privacy policy for the website or to coordinate discontinuing use of the new tracking technologies and/or SDKs and, in response to auto-detecting such changes, trigger an audit of the project.
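For the website case in steps 520 through 535, the following added sketch (illustrative code, not the patent's implementation) compares a newly fetched page against the previously assessed snapshot and lists newly loaded third-party resource hosts, changes to the privacy policy link, and changes to the visible text. The host names, sample HTML, and function names are constructed assumptions, and fetching the page is left out so the example runs offline.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageScan(HTMLParser):
    """Collects third-party resource hosts, privacy-policy links and visible text."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.third_party_hosts = set()
        self.policy_links = []   # (link text, href) for anchors mentioning "privacy"
        self.visible = []        # text outside <script> and <style>
        self._anchor_href = None
        self._anchor_text = []
        self._hidden_depth = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag in ("script", "img", "iframe") and src:
            host = urlparse(src).hostname  # None for relative URLs
            if host and host != self.site_host and not host.endswith("." + self.site_host):
                self.third_party_hosts.add(host)
        if tag in ("script", "style"):
            self._hidden_depth += 1
        elif tag == "a":
            self._anchor_href = attrs.get("href") or ""
            self._anchor_text = []

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._hidden_depth = max(0, self._hidden_depth - 1)
        elif tag == "a" and self._anchor_href is not None:
            label = " ".join("".join(self._anchor_text).split())
            if "privacy" in label.lower():
                self.policy_links.append((label, self._anchor_href))
            self._anchor_href = None

    def handle_data(self, data):
        if self._hidden_depth:
            return
        self.visible.append(data)
        if self._anchor_href is not None:
            self._anchor_text.append(data)


def snapshot(html, site_host):
    """Reduce one page to the facts the monitor compares between versions."""
    scan = _PageScan(site_host)
    scan.feed(html)
    scan.close()
    text = " ".join(" ".join(scan.visible).split())
    return {
        "text_sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "third_party_hosts": sorted(scan.third_party_hosts),
        "policy_links": scan.policy_links,
    }


def compare(previous, current):
    """Steps 525-535: list differences; an empty list means return to step 520."""
    changes = []
    added = set(current["third_party_hosts"]) - set(previous["third_party_hosts"])
    for host in sorted(added):
        changes.append(f"new third-party resource host: {host}")
    if not current["policy_links"]:
        if previous["policy_links"]:
            changes.append("privacy policy link removed")
    elif current["policy_links"] != previous["policy_links"]:
        changes.append("privacy policy link text or target changed")
    if current["text_sha256"] != previous["text_sha256"]:
        changes.append("visible page text changed")
    return changes


# Constructed sample pages for a hypothetical site.
SITE_HOST = "shop.example"
BASELINE_HTML = """<html><body><h1>Shop</h1>
<script src="/static/app.js"></script>
<footer><a href="/privacy">Privacy Policy</a></footer>
</body></html>"""
NEW_HTML = """<html><body><h1>Shop</h1>
<script src="/static/app.js"></script>
<script src="https://cdn.tracker.example/fp.js"></script>
<footer><a href="/legal/terms#data">Your data</a></footer>
</body></html>"""

if __name__ == "__main__":
    for change in compare(snapshot(BASELINE_HTML, SITE_HOST), snapshot(NEW_HTML, SITE_HOST)):
        print("ALERT:", change)
```

Static HTML shows only resources declared in markup; cookies set at run time or scripts injected by other scripts need the behavior analysis the text mentions, and placement on the rendered page needs a layout-aware check.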

Exemplary User Experience

FIGS. 6A and 6B illustrate an example of a graphical user interface (GUI) for performing automated privacy assessments. The method includes displaying on an Assessment GUI 600 (e.g., a webpage or dialog box) an instruction 605 (or prompts) for a user to provide the location of computer code, which may be, for example, a software application (e.g., a mobile application, a database application), or a website. For example, the system may prompt a user with an “Upload Your Software or Enter the URL of the Website to Initiate Privacy Assessment” message. The user may use the browse button 610 to browse to the location of a file that includes the computer code for uploading. When the file is selected, the name of the file may appear in a computer code entry field 615 so as to display to the user the file that will be uploaded. If the code involved is a website, the user may provide the URL of the website for which the privacy assessment is desired. Once the user selects the “Extract” button 620, the system electronically obtains the computer code. The “Extract” button 620 may, alternatively, bear another label, such as “Import,” “Upload,” “Obtain,” etc.

The system then automatically electronically analyzes the computer code to determine one or more attributes of the computer code. The attributes (features and/or conditions) of the computer code may relate to location-based services, network calls to another country (e.g., China), encryption (or lack thereof), third party software (e.g., libraries, SDKs), access to communications logs (e.g., call logs, email), tracking (e.g., cookies), and personal data collection (wherein the personal data may be a social security number, date of birth, credit card number, physical address, mailing address, email address, IP address, Internet browsing habits, purchase history, biometric data (e.g., finger prints or retinal scans), and personal preferences). The system may use, for example, static analysis, behavior analysis, or some combination of the two, to make the analysis and determination.

Next, as shown in illustrative FIG. 6B, the system may electronically display to the user, in assessment GUI 600, a list of the attributes related to the computer code, wherein each displayed attribute relates to a privacy assessment standard (e.g., privacy policy, privacy law). The assessment GUI 600 may display, for example, an identifier (e.g., a file name) associated with the computer code 625 that was assessed (if the assessment involved a website, the URL of the website may be displayed). The assessment GUI 600 may also display some informative indication 630 to the user that the analysis revealed certain features or conditions (e.g., attributes) of the code that may have an impact on one or more of the company's privacy policies (or relevant privacy laws). In example 6B, the system may electronically display a list of attributes 635, along with a plurality of prompts to the user, wherein each prompt informs the user to input information regarding the attributes, and other relevant comments. As mentioned above, a user may be prompted to answer a plurality of questions, including for each attribute. In the exemplary embodiment shown in FIG. 6B, the user is presented with a prompt 640 to enter the reason the code has the attribute, a prompt 645 to select whether the attribute may be eliminated (e.g., check “Yes” or “No”), and a prompt 650 to enter in any comments or exceptions relating to the attribute. Each prompt may have one or more entry fields, check boxes, and the like, associated with it. The information regarding the attributes that was input by the user may be communicated to one or more second users (e.g., software developers, privacy office personnel, or auditors) for an assessment. In the example shown, the user may select the submit button 665 to communicate this information.

In the example shown in FIG. 6B, prior to selecting the submit button 665, a user of the system (e.g., a software developer, a privacy office team member, or an auditor) may respond to the prompt 655 by electing to automatically monitor subsequent computer code versions of the code by selecting the check box associated with the prompt 655. The system may display a prompt 660 asking for the user to input the location of the new versions of computer code. In various embodiments, a drop-down selector may be used to facilitate entering the location, which may be an on-line application store, such as the Microsoft Store, Google Play Store, Apple App Store, or in the case of a website, a URL. The system then periodically (or in the alternative, continuously) monitors the identified location for any instances (e.g., potential new versions) of the computer code. The system then compares code obtained from the location to a previous assessed version of the computer code.

FIG. 7: Collaborator Assignment Notification and Description Entry

Referring to FIG. 7, if an obtained instance of computer code is different than the immediate previously privacy-assessed version of the computer code, then the system may display a GUI 700 that shows the results of the analysis and prompts for and obtains information regarding any new or changed attributes discovered. The GUI 700 may display the name 705 of the new version (if a name and version number was detected), as well as the name 710 of the previous version of the computer code. The GUI 700 may provide an informative statement 715 indicating, for example, “We detected the following new version of your software. The following changes or added features/conditions may relate to our company's privacy policies. Please provide information to the privacy office regarding each.” In various exemplary embodiments, the monitoring module may simply ask the user for information regarding the new version of computer code (e.g., the reason for the new code). The system may display a prompt that states, for example, “We have detected a new version of software from the original. Please let us know what has changed.”

The system may also, after analyzing the computer code for differences, present the user with a list of differences, and obtain information regarding the attributes that have changed or been added. In Example 7, the system may electronically display a list of attributes 720 (here, only one attribute is listed—“Access to phone photos”), along with a plurality of prompts to the user, where each prompt informs the user to input information regarding the attributes, and other relevant comments. As mentioned above, numerous questions may be prompted, including for each attribute. In the exemplary embodiment shown in FIG. 7, the user is presented with a prompt 725 to enter the reason the attribute is in the code, a prompt 730 to select whether the attribute may be eliminated (e.g., check “Yes” or “No”), and a prompt 735 to enter in any comments or exceptions relating to the attribute. Each prompt may have one or more entry fields, check boxes, and the like, associated with it. The information regarding the attributes that was input by the user may be communicated (e.g., notified, alerted, etc.) to one or more second users (e.g., privacy office personnel, auditors, etc.) for an assessment. In the example shown, the user may select the submit button 740 to communicate this information to the one or more second users (e.g., privacy office personnel, auditors, etc.) for use in determining how to move forward in accordance with the applicable privacy policies.

CONCLUSION

Although embodiments above are described in reference to various systems and methods for performing privacy assessments and monitoring new versions of computer code for updated features and conditions that relate to compliance with privacy standards, it should be understood that various aspects of the system described above may be applicable to other privacy-related systems, or to other types of systems, in general. While this specification contains many specific embodiment details, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features that may be specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination may in some cases be excised from the combination, and the claimed combination may be directed to a sub-combination or variation of a sub-combination.

Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems may generally be integrated together in a single software product or packaged into multiple software products.

Many modifications and other embodiments of the invention will come to mind to one skilled in the art to which this invention pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. While examples discussed above cover the use of various embodiments in the context of operationalizing privacy compliance and assessing risk of privacy campaigns, various embodiments may be used in any other suitable context. Therefore, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for the purposes of limitation.

What is claimed is:
1. A computer system for use in automatically monitoring computer code for changes within the context of privacy management, the computer system comprising: one or more computer processors; computer memory operatively coupled to the one or more computer processors, wherein the computer system is configured for: monitoring, by one or more computer processors, one or more computer storage locations to determine whether any new versions of particular computer code have been stored in the one or more computer storage locations by executing the data processing steps of: (A) receiving an indication that new computer code has been stored in the one or more computer storage locations; and (B) comparing the contents of the new computer code with one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment, and in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment, communicating, by the one or more computer processors, an alert to a user indicating that a new version of the particular computer code exists; and in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment: automatically electronically analyzing, by the one or more computer processors, the new computer code to determine one or more privacy-related attributes of the new computer code, each of the privacy-related attributes indicating one or more types of personal information the new computer code collects or accesses; electronically displaying to an individual, by the one or more computer processors, a list of the one or more privacy-related attributes of the new computer code; electronically displaying, by the one or more computer processors, one or more prompts to the individual, wherein each prompt informs the user to input information regarding one or more particular attributes of the one or more privacy-related attributes; and communicating, by the one or more computer processors, the information regarding the particular privacy-related attributes to one or more second individuals for use in conducting a privacy assessment of the new computer code.
2. The computer system of claim 1, wherein the one or more computer storage locations comprise an app store.
3. The computer system of claim 1, wherein the one or more computer storage locations comprise a designated folder in computer memory.
4. The computer system of claim 1, wherein the new computer code is computer code that is associated with a website and the one or more storage locations comprises a URL.
5. The computer system of claim 4, wherein the computer system is further configured for: monitoring, by the one or more computer processors, a location of a privacy policy on the website; and in response to the location of the privacy policy satisfying one or more specified criteria, communicating, by the one or more computer processors, an alert to a user.
6. The computer system of claim 5, wherein the one or more specified criteria comprise the location of the privacy policy being different from a specified location on the website.
7. A computer system for use in automatically monitoring computer code for changes within the context of privacy management, the computer system comprising: at least one processor; and memory operatively coupled to the at least one processor, wherein the computer system is configured for: monitoring one or more computer storage locations to determine whether any new versions of particular computer code have been stored in the one or more computer storage locations by executing the data processing steps of: (A) receiving an indication that new computer code having an identifier associated with the particular computer code has been stored in the one or more computer storage locations; and (B) comparing the contents of the new computer code with one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment, and in response to determining that the contents of the new computer code are different from the contents of the one or more versions of the particular computer code that have been assessed as a part of a previous privacy assessment: automatically electronically analyzing the new computer code to determine whether the new computer code has any one of a specified plurality of privacy-related attributes; and in response to determining that the new computer code has a particular one of the specified plurality of privacy-related attributes: (A) executing the steps of: (i) electronically displaying one or more prompts to a user requesting that the user input information regarding the particular privacy-related attribute; (ii) receiving input information from the user regarding the particular privacy-related attribute; and (iii) communicating the input information to a second user for use in a privacy assessment of the new computer code; (B) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the attribute should be reviewed by one or more designated individuals; and (C) changing an indicator associated with the new computer code to indicate that, before the new computer code is launched, the new computer code should be modified to not include the particular privacy-related attribute.
8. The computer system of claim 7, wherein the particular privacy-related attribute is that the new computer code collects information regarding the web browsing habits of users of the new computer code.
9. The computer system of claim 7, wherein the information regarding one or more particular attributes comprises a reason that the new computer code has the one or more attributes.
10. The computer system of claim 7, wherein the one or more computer storage locations comprises an app store.
11. The computer system of claim 7, wherein the one or more computer storage locations comprises a designated folder in computer memory.
12. The computer system of claim 7, wherein the new computer code is computer code that is associated with a website and the one or more storage locations comprises a URL.
13. A computer-implemented data processing method for use in automatically monitoring computer code for changes within the context of privacy management, the method comprising: monitoring, by one or more computer processors, to determine whether any new versions of particular computer code exist in one or more computer storage locations; in response to determining that one or more new versions of the particular computer code exist in the one or more computer storage locations: (A) automatically electronically, by one or more computer processors, analyzing the one or more new versions of computer code to determine one or more privacy-related attributes of the one or more new versions of computer code, each of the one or more privacy-related attributes indicating one or more types of personal information the one or more new versions of computer code collects or accesses; (B) electronically displaying to an individual, by one or more computer processors, a list of the determined one or more privacy-related attributes; (C) electronically displaying, by one or more computer processors, one or more prompts to an individual wherein each prompt informs the individual to input information regarding the one or more attributes; and (D) communicating, by one or more computer processors, the information regarding the one or more privacy-related attributes to one or more second individuals for use in conducting a privacy assessment of the new computer code.
14. The computer-implemented data processing method of claim 13, further comprising, in response to determining that one or more new versions of the computer code exist in the one or more computer storage locations: automatically electronically, by one or more computer processors, analyzing the one or more new versions of the computer code to determine whether the one or more new versions of the computer code has a particular one of a specified plurality of privacy-related attributes; and in response to determining that the one or more new versions of the computer code has the particular privacy-related attribute: (A) changing, by one or more computer processors, an indicator associated with the one or more new versions of the computer code to indicate that, before the one or more new versions of the computer code is launched, the attribute should be reviewed by one or more designated individuals; and (B) changing, by one or more computer processors, an indicator associated with the one or more new versions of the computer code to indicate that, before the one or more new versions of the computer code are launched, the one or more new versions of the computer code should be modified to not include the one or more particular attributes.
15. The computer-implemented data processing method of claim 14, wherein the particular privacy-related attribute is that the one or more new versions of the computer code collects information regarding the location of users of the one or more new versions of the computer code.
16. The computer-implemented data processing method of claim 14, wherein the particular privacy-related attribute is that the one or more new versions of the computer code collects information regarding the web browsing habits of users of the new computer code.
17. The computer-implemented data processing method of claim 14, wherein the information regarding one or more particular attributes comprises a reason for having the new computer code have the one or more attributes.
18. The computer-implemented data processing method of claim 13, wherein the one or more computer storage locations comprises an app store.
19. The computer-implemented data processing method of claim 13, wherein the one or more computer storage locations comprises a designated folder in computer memory.
20. The computer-implemented data processing method of claim 13, wherein the one or more new versions of the computer code is computer code that is associated with a web site and the one or more storage locations comprises a URL.